A Reliable Stream Learning Model for Network Intrusion Detection Systems

Authors

DOI:

https://doi.org/10.5753/jbcs.2026.5608

Keywords:

Machine Learning, Stream Learning, Network-based Intrusion Detection System, Reject Option

Abstract

Developing a reliable Network Intrusion Detection System (NIDS) remains a complex task due to the non-stationary nature of network traffic and the need for frequent updates to maintain high classification performance. Many existing approaches assume a stationary network environment, which overlooks the challenges associated with periodic model updates, such as the need for large amounts of properly labeled data and significant computational resources. This issue is particularly challenging for real-time applications, where minimizing delays and ensuring accuracy are crucial. This paper presents an analysis of how changes in network behavior negatively affect ML-based NIDS in the long term. To address this problem, it proposes a new NIDS approach that integrates stream learning with a reject option technique to simplify the model update process while ensuring consistent classification accuracy over time. The proposal uses stream learning classifiers to incrementally incorporate new data, while the reject option allows the system to evaluate the reliability of classifications before they are used for updates. The scheme operates with minimal intervention, with rejected instances stored for future updates and used to fine-tune the model over time, ensuring adaptation to evolving network conditions. Experimental results demonstrate that the proposed approach maintains high classification accuracy over a year, even without recurrent updates, and achieves significant improvements in true positive rates compared to traditional methods. The system can operate for up to three months without updates, with no significant degradation in performance.
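The update loop described in the abstract, as an added example that is not the paper's code: a nearest-centroid learner stands in for the stream classifier, and the confidence measure, the 0.6 threshold and the flow values are assumptions constructed for illustration.

```python
BENIGN, ATTACK = 0, 1

class StreamCentroid:
    """Incremental nearest-centroid classifier: one running mean per class (assumed model)."""
    def __init__(self):
        self.n, self.mean = {}, {}

    def learn_one(self, x, y):
        k = self.n.get(y, 0) + 1
        m = self.mean.get(y, [0.0] * len(x))
        self.mean[y] = [mi + (xi - mi) / k for mi, xi in zip(m, x)]
        self.n[y] = k

    def predict_one(self, x):
        """Return (label, confidence); confidence lies in [0.5, 1] for two classes."""
        d = {c: sum((a - b) ** 2 for a, b in zip(x, m)) ** 0.5 for c, m in self.mean.items()}
        label = min(d, key=d.get)
        total = sum(d.values())
        return label, (1.0 if total == 0 else 1.0 - d[label] / total)

def run_stream(model, flows, threshold):
    """Accepted classifications update the model; rejected flows are stored for labelling."""
    alerts, rejected = [], []
    for x in flows:
        label, conf = model.predict_one(x)
        if conf < threshold:
            rejected.append(x)        # unreliable: never fed back as a self-label
            continue
        model.learn_one(x, label)     # reliable: incremental update without an analyst
        if label == ATTACK:
            alerts.append(x)
    return alerts, rejected

def demo(threshold=0.6):              # threshold value is an assumption
    model = StreamCentroid()
    # Constructed, pre-scaled flow features: [packet rate, mean payload size].
    for x, y in [([1.0, 1.0], BENIGN), ([1.2, 0.8], BENIGN),
                 ([9.0, 9.0], ATTACK), ([8.8, 9.2], ATTACK)]:
        model.learn_one(x, y)
    stream = [[1.0, 1.1], [9.1, 8.9], [5.0, 5.2], [4.8, 5.0]]   # last two: drifted traffic
    alerts, rejected = run_stream(model, stream, threshold)
    before = model.predict_one([5.1, 5.1])
    for x in rejected:                # later update: analyst labels the stored flows
        model.learn_one(x, ATTACK)
    after = model.predict_one([5.1, 5.1])
    return alerts, rejected, before, after

if __name__ == "__main__":
    print(demo())
```

The two drifted flows fall below the threshold and are held back instead of being used as self-labels; once they are labelled and folded in, a similar probe flow clears the threshold.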


Published

2026-03-02

How to Cite

Horchulhack, P., Viegas, E. K., & Santin, A. O. (2026). A Reliable Stream Learning Model for Network Intrusion Detection Systems. Journal of the Brazilian Computer Society, 32(1), 186–200. https://doi.org/10.5753/jbcs.2026.5608

Issue

Section

Regular Issue